RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

From: Aleksander P. Czarnowski (alekc@avet.com.pl)
Date: Wed Mar 19 2003 - 09:08:13 EST

• Next message: Rob Shein: "RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
• Previous message: Andrew Simmons: "Mystery service on tcp/205"
• Maybe in reply to: Gary O'leary-Steele: "Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
• Next in thread: Noonan, Wesley: "RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> You could give a look to the related Nessus plugin :
>
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scrip
ts/iis_webdav_overflow.nasl

First of all - just from quick testing - it seems than nessus plugin
don't work correctly, at least one from 18th of March. Secondly you can
use a bit brutal method of using LOCK or any other WebDAV method with
buffer >64kb - it was already discussed on ntbugtraq and snort-sigs I
believe. But this is still far from working exploit that gives you
reverse shell...
Best Regards
Aleksander Czarnowski
AVET INS

----------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does. Plug your security holes now!
Download a free 15-day trial of VAM:
http://www2.stillsecure.com/download/sf_vuln_list.html

• Next message: Rob Shein: "RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
• Previous message: Andrew Simmons: "Mystery service on tcp/205"
• Maybe in reply to: Gary O'leary-Steele: "Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
• Next in thread: Noonan, Wesley: "RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:30 EDT